GitHub to Implement Mandatory Two-factor Authentication for User Safety
GitHub has recently announced the rollout of a phased transition to mandatory two-factor authentication for all users publishing code. Starting from March 13th, the mandatory two-factor authentication process will begin for individual user groups, gradually encompassing new categories until the end of 2023.
Initially, two-factor authentication will be mandatory for developers publishing packages or OAuth applications, and for GitHub developers who create releases or contribute to critical projects in ecosystems such as npm, OpenSSF, PyPI, and RubyGems. The most active contributors to the four million most popular repositories will also be included.
Email notifications will be sent to users, and warnings will be displayed in the interface as the transition to two-factor authentication approaches. After the first warning, the developer will have 45 days to configure two-factor authentication.
Two-factor authentication is crucial in protecting the development process and repositories from malicious changes introduced through compromised login credentials, whether obtained by password leaks, hacks, or social engineering. To strengthen protection, it is recommended to use applications such as Authy, Google Authenticator, and FreeOTP, which generate time-based one-time passwords (TOTP) that are valid only for a short window.
According to GitHub, account takeover by attackers, and the repository access it grants, is one of the most dangerous threats. After a successful takeover, hidden malicious changes could be slipped into popular products and into libraries that other projects use as dependencies.
By enforcing mandatory two-factor authentication, GitHub aims to raise the bar for software security, and protect its users’ data privacy and online safety.